CyberSecurity Matters: The Human Factor

Size: px

Start display at page:

Download "CyberSecurity Matters: The Human Factor"

Posy Reynolds
5 years ago
Views:

CyberSecurity Matters: The Human Factor Seth Robinson Sr.

Director Product Management @stangernet www.netcomlearning.

3 New Era of Enterprise Technology Mainframe Technology not widely accessible Technology use highly restricted Technology management highly centralized PC/ Internet Technology moderately accessible Technology use becoming pervasive Technology management mostly centralized Cloud/ Mobile Technology widely accessible Technology use very open Technology management decentralized

4 New Era Defined by New Behavior

6 Companies are Focused on Security Today Two Years From Now 50% 44% 34% 41% 4% 12% 2% 13% Lower No change Moderately Higher Significantly Higher Source: CompTIA s Trends in Information Security study Base: 400 U.S. end users

7 But Are They Focused on the Right Things? Security Concern Change in Trend Security Threats Moderate Concern Serious Concern No Change / Less Critical Today More Critical Today Malware (e.g. viruses, worms, trojans, botnets, etc.) 37% 50% 51% 49% Hacking (e.g. DoS attack, APT, etc.) 38% 49% 54% 46% Privacy concerns 36% 45% 62% 38% Data loss/leakage 42% 40% 66% 34% Social engineering/phishing 41% 38% 58% 42% Understanding security risks of emerging areas 43% 36% 61% 39% Lack of budget/support for investing in security 34% 34% 72% 28% Physical security threats (e.g. theft of a device) 42% 33% 71% 29% Regulatory compliance 37% 32% 75% 25% Intentional abuse by insiders, i.e. staff, contractors 35% 31% 75% 25% Human error among general staff 51% 30% 74% 26% Enforcement of company security policy 38% 29% 74% 26% Formal risk assessment 46% 28% 73% 27% Human error among IT staff 41% 27% 80% 20% Source: CompTIA s Trends in Information Security study Base: 400 U.S. end users

8 Drivers for Changing Security Approach Change in IT operations Reports of security breaches 43% 47% Knowledge gained from training Vulnerability discovered by audit Internal security breach or incident Change in operations or client base Change in management Focus on a new industry vertical 34% 29% 29% 26% 26% 22% Source: CompTIA s Trends in Information Security study Base: 400 U.S. end users

10 qwerty baseball dragon football monkey letmein mustang access shadow master michael superman batman

11 The Human Element Factors in Security Breaches 52% 48% Human error Technology error Source: CompTIA s Trends in Information Security study Base: 400 U.S. end users

12 Top Human Error Sources 42% 42% End user failure to follow policies and procedures 42% 42% General carelessness 31% 31% Failure to get up to speed on new threats 29% 29% Lack of expertise with websites/applications 26% 26% IT staff failure to follow policies and procedures Source: CompTIA s Trends in Information Security study Base: 400 U.S. end users

13 Planning for the Unknowns Reports that say...that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know. Donald Rumsfeld, Former United States Secretary of Defense

14 Criteria Needed for Better Training Better content 53% Better administrative tools 40% More user friendly / better interface 40% More engaging / interesting 36% More real-world examples / case studies 35% More mobile More dynamic (e.g. gamification elements, "pop quizzes," etc.) 27% 30% Source: CompTIA s Trends in Information Security study Base: 160 U.S. end users providing security training

15 Best Practices for Managing End Users Build a corporate policy Don t forget physical security Simulate common attacks

16 Today s vulnerabilities and threats

17 Today s threats Let s talk about the security issues that go bump in the night... Technology not mapped to a company s real needs Advanced Persistent Threats (APT) Complacency Difficult to track Losing sight of the real business need Security technology serves a business need Unmapped technology What you don t see... Attacks below the threshold Stealth attackers Insiders Outside attackers who are now lurking and waiting in silence... Unseen factors that lead to disruptions Thresholds not properly set Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

The most common attack vectors in 2015 Social engineering Phishing / spear phishing False flag Zero-day attacks Retail industry has experienced a surge in point-of-sale (POS)

18 The most common attack vectors in 2015 Social engineering Phishing / spear phishing False flag Zero-day attacks Retail industry has experienced a surge in point-of-sale (POS) malware and attacks Web-based attacks SSL/TLS SQL injection Malware SCADA / industrial systems Mobile Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

19 How attacks have changed through the decades Viruses (1990s) Defense: Anti-Virus, Firewalls Worms (2000s) Defense: Intrusion Detection & Prevention Botnets (late 2000s to current) Defense: Reputation, DLP, App.-aware Firewalls Directed Attacks (APTs) (today) Strategy: Visibility and Context ILOVEYOU Melissa Anna Kournikova Nimda SQL Slammer Conficker Tedroo Rustock Conficker Aurora Shady Rat Duqu Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

20 The Advanced Persistent Threat (APT) Characteristics: Highly coordinated Embedded Often state sponsored Planning Malware Introduction Command & Control Lateral Movement Target Identification Exfiltration (Attack Event) Retreat Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

21 today s targets

22 What specific technologies are targeted? Often waged by a single individual or by a group Can be devastating 10% 4% 2% 22% Weak Passwords Missing Patches Web Management Console File Upload 62% Social Engineering Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

26 The skills needed to counter vulnerabilities and mitigate threats

27 An essential realization... Very effective malware is available as well Attackers have realized that simple, powerful tools are available All they need to do is find that one user Vendor or service provider impersonation There are also additional attacks and trends that the public usually doesn t see Insider attacks Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

Maturing overall operations It s vital to focus on identifying the hacker cycle Mitigation involves inhibiting the hacker as well as detection and response Corrections DMV Courts Municipal County

28 Maturing overall operations It s vital to focus on identifying the hacker cycle Mitigation involves inhibiting the hacker as well as detection and response Corrections DMV Courts Municipal County State Federal Law Enforcement Message Switch The key is to create a matrix that helps you focus your activities. Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org Copyright (c) 2015 Target

29 Essential skills overview Router Custom framework creation Reassignment of resources Perimeter device configuration Firewall VPN Coordination Data analysis Policy-based security End user Project management Voice and video systems IDS Server Workstation Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

30 Questions to ask when creating a custom framework 1. How do we detect that initial footprint? 2. How do we detect lateral movement? 3. How do we detect that initial prevention failure? 4. How do you cut down on dwell time? Taking dwell time from 14 days to 3 days. What framework and technology can you put in place? Dwell time: The amount of elapsed time between an initial breach to containment The 80/20 rule: In many cases, organizations are already at the 80% threshold; getting to 90% and above requires hard work and smart allocation of resources. Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

31 Validating the workforce

32 IT Certifications expected to increase in importance NET Agreement* to Statements 73% It s important to test after training to confirm knowledge gains 64% Teams of staff with IT certifications benefit from having a common foundation of knowledge 62% Staff with IT certifications have proven expertise 58% Staff holding IT certifications are more valuable to the organization 54% The organization is more secure from malware and hackers due to staff with IT certifications *Strongly Agree + Agree Base: 1,246 business and IT executives from Brazil, Canada, France, Germany, India, Japan, Mexico, Middle East, Thailand and the UK Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

Importance (cont d) Expectations for change in importance of IT

Importance Increase in Importance 28% 43% combined = 67% NET

Workforce Issues study No Change NET Increase in Importance

33 Importance (cont d) Expectations for change in importance of IT certifications over next 2 Years 24% Significant Increase in Importance Increase in Importance 28% 43% combined = 67% NET Decrease Source: CompTIA International Technology Adoption and Workforce Issues study No Change NET Increase in Importance Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

34 Vendor-neutral certification benefits Vendor-neutral security training is in demand in regards to security. The right mix of skills Provides a perspective concerning the entire network, not one particular vendor s approach Provides confidence For the technical worker Management Partners who use company services Advanced certification and vendor-specific training is a great next step. Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

35 International technology adoption & workforce issues study 2013 Key Strategic Priorities for Businesses Reach new customers Reduce costs / overhead Improve staff productivity/capabilities Key IT Priorities for Businesses Security Data Storage / backup Web/online presence/e-commerce Network Infrastructure Mobility related initiatives 61% of executives believe the security threat is increasing. 85% indicate IT skills gaps in their business exist. 86% of businesses engaged in training over the last 12 months. 41% believed IT certifications will become more important. 54% believed their importance would remain unchanged. Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org 3

36 Top 5 benefits of certified IT staff Better able to understand new technologies More productive More insightful problem solving Better project management skills 5 Better communication skills Source: CompTIA Market Research 2012 Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

37 Hiring and certification 1 CompTIA A+ 2 PMP 3 CCNA 4 CompTIA Security+ 5 MCSE 6 CompTIA Network+ 7 MCP 8 CISSP 9 ITIL 10 MCITP Source: The Dice Report, February 2012 Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org

38 Thank You Seth James

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive